Methods, systems, and computer-readable storage media for managing risk using location, mobile, and user participating-based identity verification

ABSTRACT

The presently disclosed subject matter is directed to methods, systems, and computer-readable storage media for location, mobile, and user participating-based identity verification for the purposes of risk management. In one embodiment, the method, system, and computer-readable storage media includes receiving user data, receiving verification data, and verifying the identity of a user based on the user data and the verification request data. The user data may include location data and/or identity data, and the user data may be received from a mobile device. The identity data may include biometric data regarding the user. The method, system, and computer-readable storage media may include comparing the user data to the verification request data. The method, system, and computer-readable storage media may also include performing an action based on the results of the verification wherein the action is authorizing a payment.

CROSS REFERENCE TO RELATED APPLICATION

This application claims the benefit of U.S. Provisional PatentApplication No. 61/488,310, filed May 20, 2011 and titled METHODS,SYSTEMS, AND COMPUTER-READABLE STORAGE MEDIA FOR MANAGING RISK USINGLOCATION-BASED IDENTITY VERIFICATION, the content of which is herebyincorporated herein by reference in its entirety.

TECHNICAL FIELD

The subject matter disclosed herein relates to risk management. Inparticular, the subject matter disclosed herein relates to methods,systems, and computer-readable storage media for managing risk utilizinglocation, mobile, and user participating-based identity verification.

BACKGROUND

Merchants and financial institutions attribute hundreds of billions ofdollars in losses each year directly to identity fraud. Stolen creditcards result in financial losses by consumers and their credit scoresmay also be adversely affected. Correcting this type of criminalactivity is often burdensome for consumers, merchants, and financialinstitutions alike. Card issuers are seldom able to manage fraud in realtime, and by the time the card issuer's system detects potential misuse,a stolen card may be used multiple times in many different locations. Asignificant amount of damage may have occurred by the time thefraudulent activity is discovered by the card issuer. The process ofissuing transaction cards to consumers is also unsafe and is prone totheft and misuse. The process is not completely automated, and itrequires the handling of issued cards by multiple parties outside of thecard issuer and consumer. Additionally, payment transactions go througha complex system where the card issuer must authorize a payment eventhough the issuer cannot verify with a great degree of certainty thatthe card being used in a payment transaction is being used by the cardowner. Accordingly, there is a need for an improved system and method ofverifying a user's identity.

SUMMARY

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter.

The present disclosure is directed to methods, systems, andcomputer-readable storage media for location, mobile, and userparticipating-based identity verification. In one embodiment, themethod, system, and computer-readable storage media includes receivinguser data, receiving verification data, and verifying the identity of auser based on the user data and the verification request data. The userdata may include location data and/or identity data, and the user datamay be received from a mobile device. The identity data may includebiometric data regarding the user. The method, system, andcomputer-readable storage media may include comparing the user data tothe verification request data. The method, system, and computer-readablestorage media may also include performing an action based on the resultsof the verification wherein the action is authorizing a payment.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing Summary, as well as the following Detailed Description, isbetter understood when read in conjunction with the appended drawings.For the purposes of illustration, there is shown in the drawingsexemplary embodiments; however, the presently disclosed subject matteris not limited to the specific methods and instrumentalities disclosed.In the drawings:

FIG. 1 is a block diagram of an exemplary method of provisioningtransaction cards to consumers according to an embodiment of the presentsubject matter;

FIG. 2 is a block diagram of a simplified payment transaction accordingto an embodiment of the present subject matter;

FIG. 3 is a block diagram of a simplified payment transaction usinglocation-based identity verification according to an embodiment of thepresent subject matter; and

FIGS. 4A and 4B illustrate flow diagrams of example verificationprocesses according to embodiments of the presently disclosed subjectmatter; and

FIG. 5 illustrates a diagram of an example verification process for atransaction card according to embodiments of the presently disclosedsubject matter.

DETAILED DESCRIPTION

The presently disclosed subject matter is described with specificity tomeet statutory requirements. However, the description itself is notintended to limit the scope of this patent. Rather, the inventors havecontemplated that the claimed subject matter might also be embodied inother ways, to include different steps or elements similar to the onesdescribed in this document, in conjunction with other present or futuretechnologies. Moreover, although the term “step” may be used herein toconnote different aspects of methods employed, the term should not beinterpreted as implying any particular order among or between varioussteps herein disclosed unless and except when the order of individualsteps is explicitly described.

As referred to herein, the term “computing device” should be broadlyconstrued. It can include any type of mobile device, for example, asmart phone, a cell phone, a pager, a personal digital assistant (PDA,e.g., with GPRS NIC), a mobile computer with a smart phone client, orthe like. A computing device can also include any type of conventionalcomputer, for example, a desktop computer or a laptop computer. Atypical mobile device is a wireless data access-enabled device (e.g., aniPHONE® smart phone, a BLACKBERRY® smart phone, a NEXUS ONE™ smartphone, an iPAD™ device, or the like) that is capable of sending andreceiving data in a wireless manner using protocols like the InternetProtocol, or IP, and the wireless application protocol, or WAP. Thisallows users to access information via wireless devices, such as smartphones, mobile phones, pagers, two-way radios, communicators, and thelike. Wireless data access is supported by many wireless networks,including, but not limited to, CDPD, CDMA, GSM, PDC, PHS, TDMA, FLEX,ReFLEX, iDEN, TETRA, DECT, DataTAC, Mobitex, EDGE and other 2G, 3G, 4Gand LTE technologies, and it operates with many handheld deviceoperating systems, such as PalmOS, EPOC, Windows CE, FLEXOS, OS/9,JavaOS, iOS and Android. Typically, these devices use graphical displaysand can access the Internet (or other communications network) onso-called mini- or micro-browsers, which are web browsers with smallfile sizes that can accommodate the reduced memory constraints ofwireless networks. In a representative embodiment, the mobile device isa cellular telephone or smart phone that operates over GPRS (GeneralPacket Radio Services), which is a data technology for GSM networks. Inaddition to a conventional voice communication, a given mobile devicecan communicate with another such device via many different types ofmessage transfer techniques, including SMS (short message service),enhanced SMS (EMS), multi-media message (MMS), email WAP, paging, orother known or later-developed wireless data formats. Although many ofthe examples provided herein are implemented on a mobile device, theexamples may similarly be implemented on any suitable computing device.

Operating environments in which embodiments of the present disclosuremay be implemented are also well-known. In a representative embodiment,a computing device, such as a mobile device, is connectable (forexample, via WAP) to a transmission functionality that varies dependingon implementation. Thus, for example, where the operating environment isa wide area wireless network (e.g., a 2.5G network, a 3G network, or theproposed 4G network), the transmission functionality comprises one ormore components such as a mobile switching center (MSC) (an enhancedISDN switch that is responsible for call handling of mobilesubscribers), a visitor location register (VLR) (an intelligent databasethat stores on a temporary basis data required to handle calls set up orreceived by mobile devices registered with the VLR), a home locationregister (HLR) (an intelligent database responsible for management ofeach subscriber's records), one or more base stations (which provideradio coverage with a cell), a base station controller (BSC) (a switchthat acts as a local concentrator of traffic and provides localswitching to effect handover between base stations), and a packetcontrol unit (PCU) (a device that separates data traffic coming from amobile device). The HLR also controls certain services associated withincoming calls. Of course, the present disclosure may be implemented inother and next-generation mobile networks and devices as well. Themobile device is the physical equipment used by the end user, typicallya subscriber to the wireless network. Typically, a mobile device is a2.5G-compliant device or 3G-compliant device (or the proposed4G-compliant device) that includes a subscriber identity module (SIM),which is a smart card that carries subscriber-specific information,mobile equipment (e.g., radio and associated signal processing devices),a user interface (or a man-machine interface (MMI), and one or moreinterfaces to external devices (e.g., computers, PDAs, and the like).The mobile device may also include a memory or data store.

FIG. 1 is a block diagram of an exemplary process of provisioningtransaction cards to consumers according to one embodiment of thepresent subject matter. In this example, a card holder 100 may apply fora transaction card from a card issuer 102 by completing an applicationand providing the necessary information requested by the card issuer102. The card issuer 102 may then evaluate the application, and inresponse to determining that the application is approved, send thetransaction card to card holder 100 after personalizing it 106. Thetransaction cards may be ordered by the card issuer 102 from a cardmanufacturer 104. The terms “card issuer” and “transaction card” and anysimilar terms are used herein in their broadest sense. Card issuer mayinclude, but is not limited to retail, wholesale, or service businessesor financial institutions such as banks, credit unions, savings and loanassociations, finance companies, stock brokerages, or asset managementfirms. Transaction card may include, but is not limited to, creditcards, debit cards, charge cards, and automatic teller machine cards.The personalization 106 of the transaction card may be done by the cardissuer 102 or by an outside vendor, and it may include adding a name,account number, or other information as determined by the card issuer102.

FIG. 2 is a block diagram of an example payment transaction according toone or more embodiments of the presently disclosed subject matter.Referring to FIG. 2, a card holder 200 purchases a product or servicefrom a merchant 202. The card holder 200 uses a transaction card that isprocessed using the merchant point of sale (POS)/electronic cashregister (ECR) system 204. At the system 204, it is determined whetherpayment is authorized. In response to determining that payment isauthorized, the transaction proceeds to a payment processor 206 and thento a merchant acquirer 208 who may send the transaction information to amerchant account system 210 that services that particular merchant'saccount. The merchant accounting system 210 distributes the transactionsto the appropriate card companies 216, such as VISA®, MASTERCARD®,AMERICAN EXPRESS®, DISCOVER®, and the like, deducts the appropriatemerchant fees from the transaction amount, and generates instructionsfor the automated clearing house (ACH) network 212 to remit thedifference to the merchant's bank for deposit into the merchant demanddeposit account 214. The transaction information is then sent from thecard companies 216 to the card issuer 218. The card issuer 218 may billthe card holder 200 by sending the card holder 200 a monthly statementto collect the balance.

As part of the transaction process, the payment must be authorized bythe card issuer 218. The payment authorization may involve the cardissuer 218 conducting a series of checks for fraud and verifying thatthe card holder's available credit line is sufficient to cover thepurchase before returning a response. The payment authorization processtypically takes no more than a few seconds.

FIG. 3 is a block diagram of an example payment transaction usinglocation-based identity verification according to one embodiment of thepresent subject matter. Referring to FIG. 3, card holder and card owner300 purchases a product or service from merchant 302. The card holder300 uses a transaction card that is processed using the merchant POS/ECRsystem 304. In response to determining that the payment is authorized,the transaction proceeds to a payment processor 306 and then to amerchant acquirer 308 who may send the transaction information to amerchant account system 310 that services that particular merchant'saccount. The merchant accounting system 310 distributes the transactionsto the appropriate card companies 316, deducts the appropriate merchantfees from the transaction amount, and generates instructions for the ACHnetwork 312 to remit the difference to the merchant's bank for depositinto the merchant demand deposit account 314. The transactioninformation is then sent from the card companies 316 to the card issuer318. The card issuer 318 bills the card holder 300 by sending the cardholder 300 a monthly statement to collect the balance.

The payment must be authorized by the card issuer 318. An examplepayment authorization process is disclosed and described hereinabove,such as in the example of FIG. 2. The payment authorization process ofFIG. 3 includes location-based identity verification according to one ormore embodiments of the present subject matter. Location-based identityverification includes providing the card issuer 318 with user data inthe form of location data and/or identity data regarding the card holderand card owner 300 in order to verify that the card holder is the cardowner by comparing the location data and/or identity data of the cardowner and card holder 300 to the verification request data provided bythe merchant 302 for the transaction. Verification request data mayinclude, but is not limited to, data regarding the details of thetransaction and the location of the card holder and/or merchant.

In accordance with one or more embodiments, location data may beprovided by a card owner's mobile device to a card issuer. For example,the card owner 300 may interact with an application residing on his orher mobile device to control the mobile device to wirelesslycommunication the location data to a computing device of the card issuer318. Location data may include coordinates and/or identification of acity, state, country, and/or the like where the card owner will betraveling. Location data may be periodically or otherwise regularlytransmitted.

In another example, a card owner's mobile device may automaticallytransmit location data to a card issuer. The location data may beperiodically or otherwise regularly transmitted to the card issuer. Inanother example, the location data may be requested by a card issuer andtransmitted to the card issuer in response to the request. For example,a computing device of the card issuer 318 may request location data froma mobile device of the card owner 300, and the mobile device of the cardowner 300 may communicate the data to the computing device of the cardissuer 318 in response to receipt of the request.

Location data may also be provided automatically by tracking the cardowner's location using a mobile device. The mobile device may be anytype of communications device capable of transmitting and receivingsignals over a wireless network system. This may include traditionaldevices such as cellular telephones, personal communications systems,personal data assistants, conventional laptops, palmtop computers,tablet computers, or other similar devices. Location data provided by amobile device may include, but is not limited to, Global PositioningSystem (GPS) or Assisted GPS data, indoor GPS within buildings, Wi-Fitriangulation location information, cell-tower proximity location andtriangulation, and carrier assigned IP-based location. Identity data maybe provided by the card owner 300 to the card issuer 318 by entering apersonal identification number (PIN) or passcode into a mobile device ofthe card owner 300. Identity data may also be provided through abiometric engagement of the card owner 300 with a fingerprint scanner,voice recognition on a mobile device, or other similar devices.Additional identity data may be gathered from the mobile device such asmobile device model and unique serial number, subscriber identity module(SIM) number, or other attributes or pre-registered and carrierassignable mobile device information.

A mobile device of the card owner 300 may monitor and collect thelocation data and/or identity data and store it securely on the device.When requested by a computing device of the card issuer 318, thelocation data and/or identity data may be sent to the card issuer 318 inan encrypted format. Location data and/or identity data may be comparedlocally on the mobile device, and changes may be detected and reportedto the card issuer 318. The location data and/or identity data isavailable for use by the card issuer 318 to manage fraudulent activityand minimize risk.

FIGS. 4A and 4B illustrate flow diagrams of example verificationprocesses according to embodiments of the presently disclosed subjectmatter. Referring to FIG. 4A, the process may begin when a transactionis initiated. For example, an individual or user 400 may shop at aretail establishment 402, such as a store at a shopping mall. Aftercollecting items for purchase, the user 400 may proceed to apoint-of-sale (POS) terminal at the retail establishment where apurchase transaction can be processed. The user 400 may present his orher transaction card 404 (e.g., a credit card or debit card) to storepersonnel at the POS terminal for conducting the purchase transaction.

When a transaction is initiated, the store personnel may collectidentification information from the transaction card 404 forcommunicating a payment authorization request to a card issuer 406. Forexample, a scanner of the POS terminal may be used to scan a magneticstripe of the transaction card 404. In another example, the storepersonnel may manually enter a card number identified on the transactioncard 404 into the POS terminal. After the identification information hasbeen collected, the POS terminal and/or other computing equipment at theretail establishment 402 may send a payment authorization request,including the identification information and other verification requestdata, to computing equipment of the card issuer 406.

In accordance with embodiments of the present disclosure, verificationrequest data may include location information for the retailestablishment 402. For example, the location information may identifycoordinates and/or identification of a city, state, country, and/or thelike of the retail establishment 402. Alternatively, for example, thelocation information may identify the retail establishment 402, and thecard issuer 406 may search a database including information thatassociates the identified retail establishment with coordinates and/oridentification of a city, state, country, and/or the like of the retailestablishment 402.

FIG. 4B provides an alternative example to using a transaction card asin the example of FIG. 4A. In this example, the user 400 may utilize avirtual (soft) card in the form of a mobile wallet as part of a mobiledevice 408. For example, an application residing on the mobile device408 may implement functionality of a mobile wallet. The mobile walletfunction may implement payment service features similar to a transactioncard. The mobile wallet may be associated with a financial institutionand may include financial account identification information for use inconducting a transaction at a retail establishment, such as the retailestablishment 402. In this example when a transaction is conducted, theuser 400 may use the mobile wallet to provide identification informationto the POS terminal of the retail establishment 402. The POS terminalmay use the identification information to conduct a purchasetransaction. Particularly, the POS terminal or other computing equipmentat the retail establishment 402 may communicate verification data,including the identification information from the mobile wallet andlocation information of the mobile device 408, to the card issuer 406for initiation of the purchase transaction.

In both the examples of FIGS. 4A and 4B, verification request dataprovided by the retail establishment 402 to the card issuer 406 mayprovide the card issuer 406 with a current location of the user 400attempting to conduct the purchase transaction at the retailestablishment 402. This is because the location of the retailestablishment 402 can be verified by information provided by the retailestablishment 402. The location information may be based on informationprovided by computing equipment of the retail establishment 402 and/orthe mobile wallet on the mobile device 408. Using the location dataand/or identification data provided by the mobile device 408, the cardissuer 406 can verify the identity of the user 400 by comparing thelocation where the transaction is being attempted (i.e., the location ofthe retail establishment 402) with the location reported by the mobiledevice 408 of the user 400. Particularly, computing equipment of thecard issuer 406 may determine whether the two locations match or aresubstantially the same. In response to determining that the twolocations match or are substantially the same, the computing equipmentof the card issuer 406 may authorize that the purchase transactionproceed and may report this authorization to computing equipment of theretail establishment 402.

FIG. 5 illustrates a diagram of an example verification process for atransaction card according to embodiments of the presently disclosedsubject matter. Referring to FIG. 5, a user or owner of a mobile device500 may be located in San Jose, Calif. The mobile device 500 may includea mobile wallet application. In this example, a financial card 502 ownedby the user may be wrongfully carried by another in Las Vegas, Nev. Theholder of the financial card 502 may attempt to use the financial card502 at retail establishment for conducting a fraudulent purchasetransaction in Las Vegas. Computing equipment of the retailestablishment may obtain identification information from the financialcard 502. Subsequent to obtaining the identification information, theidentification information and location information may be communicatedto a card issuer, such as the card issuer 406 shown in FIGS. 4A and 4B,that provided the card 502 to the owner, who is now located in San Jose.The mobile device 500 of the card owner may provide location informationof the mobile device 500 that indicates that the card owner is locatedin San Jose.

Computing equipment of the card issuer may compare the locationinformation of the mobile device 500 and the location information of theretail establishment where use of the card 502 is being attempted. Thecomputing equipment of the card issuer may determine whether thelocations are the same or similar. In response to determining that thelocations are the same or similar, the computing equipment may provide acommunication to the retail establishment for authorizing the purchasetransaction. In response to determining that the locations are not thesame and not similar, the computing equipment may provide acommunication to the retail establishment for declining the purchasetransaction. In this way, the owner of the card 502 may be protectedfrom fraud by comparing the location of the mobile device 500 to thecard 502. Further, in response to determining that the locations are notthe same or similar, the computing equipment may communicate an alert tothe mobile device 500 for indicating a fraudulent purchase attempt. Inresponse to the alert, the user of the mobile device 500 may inputinstructions for approving the purchase transaction. In this case, thecard issuer may communicate authorization to the retail establishment.

In an alternative embodiment, a card issuer may use the location dataand/or identity data to prevent a fraudulent soft card request. Whenissuing a soft card to a card owner based on a card owner's request,location data and/or identity data regarding the request may be attachedand securely sent to the card issuer. The soft card may then be issuedif the card owner is in an acceptable location and is using a validatedand preregistered mobile device. If the location data and/or identitydata cannot be verified by the card issuer, the card owner may beprompted in real time for a personal identification number (PIN),passcode, or biometric identification. Location data and/or identitydata may also be used to verify a card owner when a request for a softcard is initiated by a third party.

In an alternative embodiment, the card owner's mobile wallet may sendthe card issuer of the card owner's location any time the mobile deviceis turned on and/or the mobile wallet application is opened. If themobile wallet is in an unknown or unacceptable location the wallet maybe locked or the card issuer may require the card owner to provide aPIN, passcode, or biometric identification.

In an alternative embodiment, the mobile wallet may send location dataand/or identity data to a payment terminal/reader during a near fieldcommunications (NFC)-redemption to enrich the transaction and provide amore secure transaction.

In accordance with embodiments of the present disclosure, an owner of atransaction card may actively inform a card issuer that the owner istraveling or will be using the card in a different location. Forexample, the user may use a mobile wallet residing on his or her mobiledevice for controlling the mobile device to determine a current locationand to communicate the current location information to a card issuer. Inthis way, the card issuer may store the location information for uselater for comparison to a location of attempted use of a transactioncard. In an example, the mobile phone may detect that the user is in adifferent location (e.g., different city), and in response, the mobilephone may prompt the user to authorize reporting of the differentlocation to the card issuer.

In accordance with embodiments of the present disclosure, an owner of atransaction card may define or specify in his or her mobile device anumber of times within a time period that his or her transaction cardmay be authorized for use for purchase transactions. In this way, his orher exposure to risk of fraudulent use of the transaction card may belimited. As an example, the owner may interact with the mobile device toenter the number of times and the time period (e.g., number of hours ordays). This information may be communicated to a card issuer for use inlimiting purchase transactions with the card in accordance with thedefined number of use and time limits. Such a feature may be useful, forexample, when the owner is traveling to high risk areas. Further, forexample, the owner may define an amount of spending over a defined timeperiod. Such spending limits may be based on, for example, a maximumamount per transaction, a maximum amount in a time period (e.g., a day),and an overall spending limit on an account.

In accordance with embodiments of the present disclosure, purchasetransaction related activity may be monitored for determining whetherthe associated account is to be identified as a high risk account. Forexample, an owner of a transaction card may specify criteria (e.g.,spending amount within a time period) which is used to determine whetherthe account should be treated as a high risk account. If the specifiedcriteria are met, the account is identified as a high risk account. Inan example, if the account is identified as high risk, purchases by theassociated transaction card may be declined for purchases at particularhigh risk merchants. Such transaction may be allowed if permission isverified by an owner either over a telephone or via mobile deviceauthorization as described herein. In another example, if a transactionis initially declined, an owner may request that the purchasetransaction be verified via a mobile payment application. In thisexample, the owner may enter a password in his or her mobile device forverifying the transaction. Alternatively, for example, the owner mayanswer one or more questions via his or her mobile phone and thepurchase transaction allowed in response to the question(s) beinganswered correctly.

In an embodiment, a change of location of a mobile device of a user froma first location to a second location may be determined. For example,this may be implemented at a mobile server. In response to detecting thechange of location, the server may request confirmation of the change oflocation from the mobile device. Subsequently, the mobile device mayreceive the request and display an interface to ask for verificationfrom the user. The user may enter verification request data, such asuser name and password information, to verify that he or she isauthorized. Upon authorization, a purchase transaction may beimplemented in accordance with embodiments of the present disclosure.

While the embodiments disclosed and described herein primarily pertainto transaction cards issuers, the present subject matter may also beutilized by issuers of various types of plastic and/or soft cardsincluding, but not limited to, prepaid cards, loyalty cards, offers,vouchers, coupons, transit tickets, entertainment tickets, stored valuetickets, driver's license, passports, identification cards, traveldocuments, other secure documents issued by authorities, medicalinsurance cards, pharmacy card, automobile insurance cards, and clubmemberships.

The various techniques described herein may be implemented with hardwareor software or, where appropriate, with a combination of both. Thus, themethods and apparatus of the disclosed embodiments, or certain aspectsor portions thereof, may take the form of program code (i.e.,instructions) embodied in tangible media, such as floppy diskettes,CD-ROMs, hard drives, or any other machine-readable storage medium,wherein, when the program code is loaded into and executed by a machine,such as a computer, the machine becomes an apparatus for practicing thepresently disclosed subject matter. In the case of program codeexecution on programmable computers, the computer will generally includea processor, a storage medium readable by the processor (includingvolatile and non-volatile memory and/or storage elements), at least oneinput device and at least one output device. One or more programs arepreferably implemented in a high level procedural or object orientedprogramming language to communicate with a computer system. However, theprogram(s) can be implemented in assembly or machine language, ifdesired. In any case, the language may be a compiled or interpretedlanguage, and combined with hardware implementations.

The described methods and apparatus may also be embodied in the form ofprogram code that is transmitted over some transmission medium, such asover electrical wiring or cabling, through fiber optics, or via anyother form of transmission, wherein, when the program code is receivedand loaded into and executed by a machine, such as an EPROM, a gatearray, a programmable logic device (PLD), a client computer, a videorecorder or the like, the machine becomes an apparatus for practicingthe presently disclosed subject matter. When implemented on ageneral-purpose processor, the program code combines with the processorto provide a unique apparatus that operates to perform the processing ofthe presently disclosed subject matter.

While the embodiments have been described in connection with thepreferred embodiments of the various figures, it is to be understoodthat other similar embodiments may be used or modifications andadditions may be made to the described embodiment for performing thesame function without deviating therefrom. Therefore, the disclosedembodiments should not be limited to any single embodiment, but rathershould be construed in breadth and scope in accordance with the appendedclaims.

What is claimed:
 1. A method for using location data in a soft cardissuance transaction, the method comprising: using at least oneprocessor and memory for: receiving a request for issuance of a softcard, the request having a user data including location data securelyattached to the request; determining, based on the location data,whether a location of a prospective card owner is an acceptablelocation; in response to determining that the location of theprospective card owner is an acceptable location, issuing the soft cardto the prospective card owner; and in response to determining that thelocation of the prospective card owner is not an acceptable location,prompting the prospective card owner in real time for a personalidentification number (PIN), a passcode, or biometric identificationinformation.
 2. The method of claim 1, wherein the user data includesidentity data.
 3. The method of claim 2, wherein the identity datacomprises biometric data regarding the user.
 4. The method of claim 1,further comprising receiving the user data from a mobile device.
 5. Themethod of claim 1, further comprising: receiving an indication of apredetermined number of times within a time period that the soft card isauthorized for use; determining whether the predetermined number oftimes of authorized use within the time period has been exceeded; and inresponse to determining that the predetermined number of times ofauthorized use within the time period has been exceeded, declininganother attempted use of the soft card.
 6. The method of claim 1,further comprising: receiving user-input specifying criteria fortreating an account associated with the soft card as a high riskaccount; determining whether the specified criteria are met; and inresponse to determining that the specified criteria are met, decliningan attempted use of the soft card.
 7. The method of claim 1, furthercomprising: receiving user-input specifying criteria for treating anaccount associated with the soft card as a high risk account;determining whether the specified criteria are met; in response todetermining that the specified criteria are met, alerting the user thatthe specified criteria are met; receiving response of the user to one ofauthorize and decline an attempted use of the transaction card; and oneof authorizing and declining the attempted use based on the response ofthe user.
 8. The method of claim 1, further comprising receiving, from amobile device of a user, user specification of the location data forspecifying where the user is to be traveling.
 9. The method of claim 1,further comprising: determining a change of a location of a mobiledevice of a user from a first location to a second location; andrequesting confirmation of the change of location from the mobiledevice.
 10. The method of claim 1, further comprising receivingconfirmation of the change of location from the mobile device, whereinthe confirmation includes the verification request data.
 11. A computingdevice for using location data in a soft card issuance transaction, thecomputing device comprising: at least one processor and memoryconfigured to: receive a request for issuance of a soft card, therequest having user data including location data securely attached tothe request; determining, based on the location data whether a locationof a prospective card owner is an acceptable location; in response todetermining that the location of the prospective card owner is anacceptable location, issuing the soft card to the prospective cardowner; and in response to determining that the location of theprospective card owner is not an acceptable location, prompting theprospective card owner in real time for a personal identification number(PIN), a passcode, or biometric identification information.
 12. Thecomputing device of claim 11, wherein the user data includes identitydata.
 13. The computing device of claim 12, wherein the identity datacomprises biometric data regarding the user.
 14. The computing device ofclaim 12, further comprising receiving the user data from a mobiledevice.
 15. The computing device of claim 11, wherein the at least oneprocessor and memory are configured to receive, from a mobile device ofa user, user specification of the location data for specifying where theuser is to be traveling.
 16. The computing device of claim 11, whereinthe at least one processor and memory are configured to: determine achange of a location of a mobile device of a user from a first locationto a second location; and request confirmation of the change of locationfrom the mobile device.
 17. The computing device of claim 11, whereinthe at least one processor and memory are configured to receiveconfirmation of the change of location from the mobile device, whereinthe confirmation includes the verification request data.
 18. Anon-transitory computer-readable medium having computer program codeembodied thereon, the computer program code for using location data in asoft card issuance transaction, the computer program code comprising:instructions for receiving a request for issuance of a soft card, therequest having user data including location data securely attached tothe request; instructions for determining, based on the location data,whether a location of a prospective card owner is an acceptablelocation; instructions for, in response to determining that the locationof the prospective card owner is an acceptable location, issuing thesoft card to the prospective card owner; and in response to determiningthat the location of the prospective card owner is not an acceptablelocation, prompting the prospective card owner in real time for apersonal identification number (PIN), a passcode, or biometricidentification information.
 19. The non-transitory computer-readablemedium of claim 18, wherein the user data includes identity data. 20.The non-transitory computer-readable medium of claim 19, wherein theidentity data comprises biometric data regarding the user.
 21. Thenon-transitory computer-readable medium of claim 18, wherein thecomputer program code further comprises instructions for receiving theuser data from a mobile device.